On March 15, 2023, the SEC issued a release (the “Release”) containing proposed amendments to Regulation S-P (the “Proposals”). These Proposals were published in the Federal Register today, March 21. If adopted, the Proposals would require broker-dealers, registered investment companies (with business development companies, “registered funds”) and investment advisers to adopt written policies and
Blackbeard may not be the first name that comes to mind when considering cybercrime, but prior international efforts to stop stateless rogue actors can point us toward the proper focus for cybersecurity—governments taking responsibility to solve a classic collective action problem by direct action, supporting existing industry defense measures, and leading multilateral cooperation efforts. This
Ropes & Gray data, privacy & cybersecurity practice co-lead Ed McNicholas was recently featured on the R&G Tech Studio podcast, a Ropes & Gray podcast focused on showcasing the interesting and exciting work our attorneys are doing in the world of tech. In the interview, McNicholas sits down with Ed Black, technology, media &
Data, privacy & cybersecurity partner Ed McNicholas authored the USA chapter in Cybersecurity Laws and Regulations 2023. The chapter provides an overview of common issues in cybersecurity laws and regulations, including cybercrime, applicable statutes, prevention of cyber-attacks, sector-specific guidance, corporate governance, litigation, insurance, and investigatory and police powers.
Click here to read the full
On 7 October 2022, the White House issued an Executive Order, as well as an accompanying Fact Sheet, which sets out the foundations for the Transatlantic Data Privacy Framework (“Framework”).
Since the decision of the Court of Justice of the European Uon (“CJEU”) in the Schrems II case in mid-2020, organizations have not
On April 8, 2022, the U.S. Food and Drug Administration (“FDA”) released a draft guidance document titled “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” The draft guidance, if finalized, would replace FDA’s 2014 final guidance document titled, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” adding significant
Data, privacy & cybersecurity partners Ed McNicholas and Fran Faircloth authored a chapter in Chambers Global Practice Guide Cybersecurity 2022 on “USA Law & Practice and Trends & Developments.” The chapter provides an overview of cybersecurity regulation in the United States and provides insights on the multitude of cybersecurity threats facing companies and
On March 15, 2022, President Biden signed into law significant new federal data breach reporting legislation that could vastly expand data breach notice requirements far beyond regulated entities or entities processing personal data. Unceremoniously tucked as Division Y into the H.R. 2471 Consolidated Appropriations Act, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of
On March 9, 2022, the Securities and Exchange Commission (“SEC”) proposed updates to its disclosure rules intended to “enhance and standardize” public company disclosure regarding cybersecurity risk management, strategy, governance, and incident reporting (the “Proposed Rules”). The Proposed Rules may require issuers to update their disclosure controls and procedures, in particular with respect
Anxiety is running high as a result of Russia’s invasion of Ukraine, particularly in cybersecurity circles. The 2017 NotPetya attack was a Russian cyber-weapon fired at the Ukraine. In 2017, NotPetya spread to FedEx, Maersk, Merck, and several other companies, and it would be naïve not to expect a spillover from the 2022 attack. Indeed, a barrage of similar “wipers” has already been fired in 2022, and reports are circulating that some computers in Lithuania have been impacted.
Many cyber-weapons are delivered through phishing attacks, and companies can take three important steps to help prevent these attacks:
Continue Reading The Ukrainian Cybersecurity Spillover Problem